[Kroupware] Kolab security fixes

Paul Gargan pgargan at nexgenfs.com
Thu Jan 22 18:39:18 CET 2004


Hi all,

I'm a system administrator who recently started looking at Kolab with a 
view to deploying it in our organisation. I'm wondering what approach is 
taken to security patches for the various software components used in 
the project.

Firstly, are the supplied versions of Apache, Postfix, etc custom built 
for Kolab, or are they the vanilla source code provided by the 
respective vendors?

Secondly, if a security hole is discovered in a Kolab component (e.g. 
the root hole in Monit discovered last November) how is this treated?

Are the patches released by the package authors backported into whatever 
version is being used by Kolab? Or are these patches simply rolled up 
into the next release of Kolab (leaving servers vunerable in the 
interim)? Or is it up to server administrators to manually patch and 
recompile?

If all this is addressed in a FAQ somewhere, then a pointer to a URL 
will suffice :)

Many thanks in advance,
Paul Gargan


More information about the Kroupware mailing list